4

Our project has multiple Android developers that all have access to the Google Play Console, in order to be able to publish APK updates from their respective computers.

As mentioned in the docs and this post here: the APK must be signed with the same certificates as the previous version.

Question:

Is there a way for the first developer to share his certificate with the second developer, such that the second developer is able to publish APK updates to the Google Play Console?

So far I didn't see any mention of this in the docs or discussion.

The initial release of the app was published by the first developer. Now, the second developer would like to publish some updates as well. However, this seems to be blocked, such that only APKs signed from the first developer's computer will be permitted for update upload.


Update

For a more established team, I can see the cloud solution from the accepted answer working - but in our case, sharing the certificate file proved to be the most practical solution. It was clean, fast, and solved the requirement without otherwise adding any additional layers to the stack.

Gene Bo
  • 4
    Since it is just a file, it can be shared. But consider using Jenkins or another CI to run your builds and upload to the Play Store. – petey Feb 13 '18 at 21:41
  • @petey - makes sense on having CI .. but ouch, as I understand it - adding in and then maintaining a CI layer/server/etc is not exactly trivial. I can see if there's a bigger team, that resources would be allocated for such a layer. However, right now our project is not a big one. I see what you mean about just sharing the certificate file.. that makes sense. I'm guessing I need the associated password as well and then should be good to go. Thanks – Gene Bo Feb 13 '18 at 21:47

1 Answer

3

One way to deal with this is to use the Google Play App Signing function of the Developer Console. Your signing key can be stored with Google and secondary upload keys are used to generate the build. When you upload the build, Google will re-sign it with the actual signing key. If another developer comes along, the upload key can be revoked and a new one generated but the actual signing key remains secure in Google-land.

See: https://developer.android.com/studio/publish/app-signing.html

and: https://support.google.com/googleplay/android-developer/answer/7384423

Robert Nekic
  • Reading those docs, I see that this is the mechanism that Google Play provides - as part of its platform, to allow for APK updates from multiple developer machines. It looks like the way to approach this requirement in terms of best-practices for a *stand-alone* cloud-based solution. Good links, thanks – Gene Bo Feb 14 '18 at 00:21
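
The check behind "must be signed with the same certificates as the previous version", as an added example that is not part of the original question or answer: it compares the SHA-256 certificate fingerprint reported by `keytool -list -v` for a keystore with the one reported by `apksigner verify --print-certs` for an APK. The function names, file names and sample tool output are constructed for illustration, and the parsing assumes the output line formats shown in the samples.

```shell
#!/bin/sh
# Added example: confirm a keystore and an APK carry the same signing certificate.
# All fingerprints and tool output below are constructed sample data.

# Normalise a fingerprint: strip colons/whitespace, lower-case the hex.
normalize_fp() { tr -d ': \t\r\n' | tr 'A-F' 'a-f'; }

# stdin: output of `keytool -list -v ...`; stdout: SHA-256 fingerprint.
keystore_sha256() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | normalize_fp
}

# stdin: output of `apksigner verify --print-certs ...`; stdout: signer #1 SHA-256.
apk_sha256() {
  sed -n 's/^Signer #1 certificate SHA-256 digest:[[:space:]]*//p' | head -n 1 | normalize_fp
}

# same_signer KEYTOOL_OUTPUT APKSIGNER_OUTPUT
# Returns 0 only if both fingerprints were found and are identical.
same_signer() {
  ks_fp=$(printf '%s\n' "$1" | keystore_sha256)
  apk_fp=$(printf '%s\n' "$2" | apk_sha256)
  [ -n "$ks_fp" ] && [ -n "$apk_fp" ] && [ "$ks_fp" = "$apk_fp" ]
}

SAMPLE_KEYTOOL='Alias name: upload
Certificate fingerprints:
   SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
   SHA256: AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89'

SAMPLE_APK_OK='Signer #1 certificate DN: CN=Example Release Key
Signer #1 certificate SHA-256 digest: abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789'

SAMPLE_APK_OTHER='Signer #1 certificate DN: CN=Example Other Key
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

# Real use (file names are placeholders):
#   same_signer "$(keytool -list -v -keystore release.jks -alias upload)" \
#               "$(apksigner verify --print-certs previous-release.apk)"
for apk in "$SAMPLE_APK_OK" "$SAMPLE_APK_OTHER"; do
  if same_signer "$SAMPLE_KEYTOOL" "$apk"; then
    echo "match: same signing certificate"
  else
    echo "MISMATCH: signed with a different certificate"
  fi
done
```

Run against the APK exactly as it was last uploaded; once an app is enrolled in Google Play App Signing, the copy Play delivers to devices is re-signed with the app signing key and will not match the upload keystore.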